Microsoft has started introducing native Sysmon capabilities to select Windows 11 devices enrolled in the Windows Insider Program.

The company first announced its plan to integrate Sysmon directly into Windows 11 and Windows Server back in November, along with a commitment to publish full documentation.

Sysmon (System Monitor) is a free Microsoft Sysinternals tool that runs as a Windows service and driver. It tracks and logs suspicious or malicious activity to the Windows Event Log, making it a widely used resource for troubleshooting persistent issues and supporting threat‑hunting efforts.

 

Out of the box, Sysmon records core events such as process creation and termination. With custom configuration, it can monitor far more advanced behaviour – including executable creation, process tampering, clipboard changes, and even automatic backups of deleted files.

Until now, Sysmon had to be installed manually on each device, which made deployment and management challenging in large environments. The new built‑in version aims to simplify that.

According to the Windows Insider team:

“Windows now brings Sysmon functionality natively to Windows. Sysmon functionality allows you to capture system events that can help with threat detection, and you can use custom configuration files to filter the events you want to monitor.”

Captured events continue to be written to the Windows Event Log, ensuring compatibility with existing security tools and workflows.

How to Enable the Built‑In Sysmon

Sysmon is included but disabled by default. Users must turn it on manually, and any previously installed Sysmon version must be uninstalled first.

Enable via Settings:

  • Go to Settings > System > Optional features > More Windows features
  • Check Sysmon

Or enable via PowerShell/Command Prompt:

  • Dism /Online /Enable-Feature /FeatureName:Sysmon

Then complete the setup:

  • sysmon -i
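
The steps above as one elevated PowerShell script, with a pre-flight check for a leftover standalone install and a post-install check that process-creation events actually arrive. This is an added example, not Microsoft's code. The service names `Sysmon` and `Sysmon64`, the `sysmon -u` hint, event ID 1 and the `Microsoft-Windows-Sysmon/Operational` channel come from the standalone Sysinternals tool and are assumed to carry over to the built-in feature.

```powershell
#Requires -RunAsAdministrator
$ErrorActionPreference = 'Stop'

# Assumption: the built-in feature logs to the same channel as the standalone tool.
$log = 'Microsoft-Windows-Sysmon/Operational'

$feature = Get-WindowsOptionalFeature -Online -FeatureName 'Sysmon'
if (-not $feature) {
    throw 'Optional feature "Sysmon" is not offered on this build.'
}

if ($feature.State -ne 'Enabled') {
    # A previously installed standalone Sysmon must be removed first.
    # 'Sysmon' / 'Sysmon64' are the standalone tool's default service names;
    # an install made from a renamed binary will not be caught by this check.
    $legacy = Get-Service -Name 'Sysmon', 'Sysmon64' -ErrorAction SilentlyContinue
    if ($legacy) {
        throw "Standalone Sysmon service '$($legacy.Name -join ', ')' found. " +
              'Uninstall it (sysmon -u with the standalone binary) and re-run.'
    }

    Dism /Online /Enable-Feature /FeatureName:Sysmon
    # 3010 = success, restart required
    if ($LASTEXITCODE -notin 0, 3010) {
        throw "DISM failed with exit code $LASTEXITCODE."
    }
}

# Complete the setup as described in the article.
sysmon -i
if ($LASTEXITCODE -ne 0) {
    throw "sysmon -i failed with exit code $LASTEXITCODE."
}

# Verify: launch a harmless process and look for its process-creation record.
$start = Get-Date
Start-Process -FilePath "$env:SystemRoot\System32\whoami.exe" -WindowStyle Hidden -Wait
Start-Sleep -Seconds 2   # give the service time to write the event

$hits = Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 1; StartTime = $start } `
            -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'whoami\.exe' }

if ($hits) {
    Write-Output "OK: $(@($hits).Count) process-creation event(s) for whoami.exe in $log"
} else {
    Write-Warning "No process-creation event for whoami.exe in $log; check service state and configuration."
}
```

If DISM reports that a restart is required, reboot before relying on the verification step.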

Availability

The new optional Sysmon feature is rolling out to Windows Insiders in the Beta and Dev channels running:

  • Windows 11 Preview Build 26220.7752 (KB5074177) — Beta
  • Windows 11 Preview Build 26300.7733 (KB5074178) — Dev
Published On: February 5th, 2026